So what does it mean to "plug a Cloud Identity leak"? If employees at your business find it easier to "login with Google" or "login with Facebook" to cloud-based apps which they use for business, then that means that your employees are using a Cloud-based identity over their corporate login. This means that your employees credentials are being managed by a third-party. You're losing control, effectively leaking identity.
What is the alternative? The technical answer comes from standards such as OAuth 2.0 and OpenID Connect. These allow your employees to use their corporate login as a springboard to Cloud-based services, providing the same convenience of single sign-on, but with identity anchored at the corporate level.
I look forward to talking about this, and other cloud and identity topics, at EIC13. It's always a great conference with animated discussion (and German beer :-) ).